Libprotobuf Mutator Fuzzing Learning Save
Learn how to combine libprotobuf-mutator with libfuzzer & AFL++
libprotobuf-mutator_fuzzing_learning
Learn how to combine libprotobuf-mutator with libfuzzer & AFL++
Environment Settings
- Ubuntu Linux 22.04 64 bit
- Clang 14.0.0
- libprotobuf-mutator 3.21.7 (af3bb1)
[!IMPORTANT] As of 2023/12/01, this repo won't work with the latest libprotobuf-mutator. It is recommended to switch to commit
af3bb1before compile & installing the libraries ( reference ).
- AFL++ 4.09a (61e27c)
Install Clang/LLVM & libfuzzer
- Follow the step in this article and add the toolchain's apt repository in Ubuntu.
-
sudo apt-get install clang-14 libfuzzer-14-dev
Install libprotobuf-mutator
Follow the step in libprotobuf-mutator's readme
Install dependencies
sudo apt-get update
sudo apt-get install protobuf-compiler libprotobuf-dev binutils cmake \
ninja-build liblzma-dev libz-dev pkg-config autoconf libtool
Build the required libraries
cd libprotobuf-mutator
mkdir build
cd build
( A cmake command, check the below section )
ninja # build the libraries
sudo ninja install # install the libraries ( optional )
About cmake command :
- Use the following cmake command to build
libprotobuf-mutator-libfuzzer.so.0andlibprotobuf-mutator.so.0shared library :
cmake .. -GNinja -DCMAKE_C_COMPILER=clang-14 \
-DCMAKE_CXX_COMPILER=clang++-14 \
-DCMAKE_BUILD_TYPE=Debug \
-DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON \
-DBUILD_SHARED_LIBS=ON
- To build static libraries (
libprotobuf-mutator-libfuzzer.aandlibprotobuf-mutator.a), use the followingcmakecommand ( this will generate libraries that can be linked into shared libraries / normal program ) :
cmake .. -GNinja -DCMAKE_C_COMPILER=clang-14 \
-DCMAKE_CXX_COMPILER=clang++-14 \
-DCMAKE_BUILD_TYPE=Debug \
-DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON \
-DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC"
After building successfully, you can go to the build directory, and use the following command to check if the library is built correctly :
# Check if libprotobuf-mutator.so.0 exist
# To check other libraries just change the library name
find . | grep "libprotobuf-mutator.so.0"
How to upgrade the environment
- Upgrade Clang/LLVM & libfuzzer ( install a new version )
- Upgrade AFL++ ( git pull & rebuild )
- Upgrade libprotobuf-mutator ( git pull & rebuild )
- Rebuild and re-install
libprotobuf-mutator-libfuzzer.so.0andlibprotobuf-mutator.so.0. - Rebuild
libprotobuf-mutator-libfuzzer.aandlibprotobuf-mutator.a.
- Rebuild and re-install
-
Re-compile the protobuf with newer
protocand replace those*.cc&*.hwith new ones.
FAQ
Q : I ran into this error message while building the binary : This file was generated by an old version of protoc.
A : If your protoc's version is newer, make sure to re-generate test.pb.cc and test.pb.h with the original protobuf source code test.proto ( source code and steps to generate *.cc & *.h are all in 1_simple_protobuf ).
Learning
- Simple protobuf example
- libprotobuf + libfuzzer
- libprotobuf + libfuzzer ( custom mutator )
- How to combine libprotobuf-mutator and AFL++
- Handling input samples from AFL++ in custom mutator
Reference
- libprotobuf-mutator
- Deconstructing LibProtobuf/Mutator Fuzzing
- Custom Proto Mutation
- AFL++ custom mutator
- afl-libprotobuf-mutator
- Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing
LICENSE
MIT
Open Source Agenda Badge
